Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick. When processing certain images, the msl.c component fails to correctly update the stack index, causing an image to be stored in an incorrect memory location. This memory is then not properly freed, leading to memory leaks. A remote attacker could exploit this vulnerability by providing a specially crafted image, which can lead to a Denial of Service (DoS) condition.
Report
MODERATE: A flaw in ImageMagick can lead to memory leaks when processing images. This issue arises because the MSL image stack index is not consistently refreshed, causing images to be stored in incorrect memory locations and not properly deallocated. Red Hat products utilizing ImageMagick for image manipulation may experience resource exhaustion under specific processing conditions.
Mitigation
To reduce the risk of memory exhaustion, it is recommended to avoid processing untrusted or maliciously crafted image files with ImageMagick. Deploying ImageMagick operations within a sandboxed environment with appropriate resource limits can further contain potential impacts from this vulnerability.
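One way to apply the resource limits recommended above is to run each conversion in a child process with hard OS caps, so that leaked memory ends the worker instead of exhausting the host. This is an added example, not code from ImageMagick or Red Hat. It assumes Linux, where `RLIMIT_AS` is enforced, and the name `run_limited` and the two stand-in child commands are hypothetical, used so the sketch runs without ImageMagick installed.

```python
import resource
import subprocess
import sys


def run_limited(argv, mem_bytes, cpu_seconds, wall_seconds):
    """Run argv with hard caps on address space, CPU time and wall-clock time.

    Returns (status, returncode); status is "ok", "failed" or "timeout".
    """
    def apply_limits():
        # Executed in the child between fork() and exec(), so the caps
        # bind only the worker process, never the calling service.
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))

    try:
        proc = subprocess.run(
            argv,
            preexec_fn=apply_limits,
            timeout=wall_seconds,          # wall-clock backstop for stalls
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    return ("ok" if proc.returncode == 0 else "failed", proc.returncode)


# Constructed stand-ins for the image worker (assumption: in production argv
# would be the ImageMagick command line handling the untrusted file).
LEAKY = [sys.executable, "-c",
         "held = []\nwhile True: held.append(bytearray(16 << 20))"]
BENIGN = [sys.executable, "-c", "bytearray(16 << 20)"]

if __name__ == "__main__":
    cap = 1 << 30  # 1 GiB address-space ceiling per worker
    print("benign worker:", run_limited(BENIGN, cap, 10, 30))
    print("leaking worker:", run_limited(LEAKY, cap, 10, 30))
```

A "failed" or "timeout" result is worth logging together with the input file's identifier, since repeated limit hits from one source indicate crafted input.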
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
ImageMagick: MSL image stack index may fail to refresh, leading to leaked images
5.3 Medium
CVSS3